add taint step through the cli-color library

2026-04-30 03:05:15 +02:00 · 2021-06-22 23:10:40 +02:00
parent ec9c885908
commit 35c513d38a
4 changed files with 79 additions and 57 deletions
--- a/javascript/ql/src/semmle/javascript/frameworks/Logging.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/Logging.qll
@@ -266,3 +266,15 @@ class CliHighlightStep extends TaintTracking::SharedTaintStep {
    )
  }
 }
+
+/**
+ * A step through the [`cli-color`](https://npmjs.org/package/cli-color) library.
+ */
+class CliColorStep extends TaintTracking::SharedTaintStep {
+  override predicate stringManipulationStep(DataFlow::Node pred, DataFlow::Node succ) {
+    exists(API::CallNode call | call = API::moduleImport("cli-color").getAMember*().getACall() |
+      pred = call.getArgument(0) and
+      succ = call
+    )
+  }
+}